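<?php
// Member login page, part 1: session bootstrap, logout handling, page header
// and the "already logged in" short-circuit.
//
// The full "<?php" open tag is used instead of the short form: with
// short_open_tag disabled the short form is not parsed and the whole script,
// including its SQL, would be sent to the browser as plain text.
$msg = "";

// The session must be open before it can be emptied and destroyed, so it is
// started unconditionally and torn down only for a logout request.
// NOTE(review): logout is triggered by a plain GET parameter with no token,
// so any cross-site link or image can end a member's session.
// NOTE(review): session_destroy() removes the server-side data but does not
// expire the session cookie in the browser; confirm whether that matters here.
session_start();
if (isset($_GET["logout"]))
{
	$_SESSION = array();
	session_destroy();
}

// NOTE(review): LA_LOGIN is not defined in this file and header_inc.php is
// only included on the next line; confirm the constant exists at this point.
$pagename = LA_LOGIN;
include_once("header_inc.php");

// $set_auto is not assigned in this file; presumably a setting loaded by
// header_inc.php that enables the bundled update script.
if ($set_auto)
	include "update.php";

// A session that already carries a member id gets a notice instead of the form.
if (!empty($_SESSION["valid_user"]))
{
	echo "<blockquote><p><b>" . LA_ALREADY_LOGGED . "</b><br>";
	echo LA_ALREADY_LOGGED_DESC . "</p></blockquote>";
	include("footer_inc.php");
	exit;
}

// Fall back to the stock palette when a colour setting is missing or empty.
if (empty($set_outer_color)) {
	$set_outer_color = "#A9B8D1";
}
if (empty($set_inner_color)) {
	$set_inner_color = "#FFFFFF";
}
if (empty($set_descr_color)) {
	$set_descr_color = "#FFFFFF";
}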

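// Re-send the account validation e-mail for the user id given in "resend".
//
// NOTE(review): nothing here ties the request to a session or a token, so any
// visitor can make the site mail any account that still has a pending
// verification code. A per-account rate limit or a signed link would bound that.
// NOTE(review): the mail body receives user_pass_plain, which means passwords
// are kept in clear text in $usr_tbl alongside the MD5 digest.
$lResendParam = getParamInt("resend","");
if ($lResendParam)
{
	// Read the parameter once and force it to an integer before it is used in SQL.
	$lUserID = (int) $lResendParam;

	$lSql = "select user_status,user_verify_code,user_approved,user_id,user_name,user_email,user_pass_plain from $usr_tbl where user_id = '" . strToDb($lUserID) . "' AND (user_pass_plain <> '' AND user_pass_plain is not null)";
	$lResult = q($lSql);
	$lRow = mysql_fetch_array($lResult);

	// mysql_fetch_array() returns false when no row matched; use empty values
	// in that case rather than indexing into false.
	$lName       = $lRow ? $lRow["user_name"] : "";
	$lEmail      = $lRow ? $lRow["user_email"] : "";
	$lPassPlain  = $lRow ? $lRow["user_pass_plain"] : "";
	$lVerifyCode = $lRow ? $lRow["user_verify_code"] : "";

	// Only accounts that still have a verification code get the mail.
	if ($lVerifyCode && $lName && $lEmail)
	{
		$lNewUserVerifyArray=array("$lName","$lEmail","$lPassPlain","$set_sitename","".getRemoteIp()."","http://$set_url/member_login.php","http://$set_url/verify.php?verify=$lVerifyCode");
		$lSubject = formatString(LA_MAIL_VAL_SUBJECT, $lNewUserVerifyArray);
		$lBody = formatString(LA_MAIL_VAL_BODY, $lNewUserVerifyArray);
		sendEmail($lEmail, $set_webmaster_address, $lSubject, $lBody);
		$msg="<p>&nbsp;</p>".LA_VALIDATION_CODE_RESENT;
	}
	else
		echo "ERROR";
}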

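if (isset($_POST["submit"]) AND !isset($_REQUEST["forgot"]))
{
	// ---- Login attempt --------------------------------------------------
	$username = trim(strtolower(getParam("username","")));
	$password = trim(getParam("password",""));

	// Escaped copies for every SQL fragment below; the raw values are only
	// handed to doAuthphpBB(). strToDb() is defined elsewhere and is used as
	// the SQL escaping helper in this file - NOTE(review): confirm it is
	// connection/charset aware.
	$lUserSql = strToDb($username);
	$lPassSql = strToDb($password);

	// PASSWORD_MAESTRO is a site-wide password that matches ANY account.
	// The clause is only added when the constant is defined and non-empty:
	// an undefined constant would otherwise be compared as its own name, and
	// an empty one would let a blank password through.
	// NOTE(review): a shared credential that authenticates as every member
	// cannot be attributed or revoked per user; consider removing it or
	// replacing it with an audited admin impersonation feature.
	$lMasterClause = "";
	if (defined("PASSWORD_MAESTRO") && (string) PASSWORD_MAESTRO !== "")
		$lMasterClause = " OR '" . $lPassSql . "'='" . strToDb(PASSWORD_MAESTRO) . "'";

	// NOTE(review): user_pass_md5 is an unsalted MD5 digest computed in SQL.
	// Moving to password_hash()/password_verify() needs a schema change that
	// is outside this script.
	$sql = "select user_status,user_verify_code,user_approved,user_id,user_name,user_email from $usr_tbl where user_email = '" . $lUserSql . "' AND ( user_pass_md5 = md5('" . $lPassSql . "')" . $lMasterClause . " )";
	$result = q($sql);
	$num_check = mysql_num_rows($result);

	// Optional phpBB bridge: when the local check found nothing, ask the board
	// and, if it accepts the credentials, repeat the local lookup.
	if ($set_phpbb_activate AND $num_check==0)
	{
		$lResBoard = doAuthphpBB($username,$password);

		if ($lResBoard)
		{
			$sql = "select user_status,user_verify_code,user_approved,user_id,user_name,user_email from $usr_tbl where user_email = '" . $lUserSql . "' AND user_pass_md5 = md5('" . $lPassSql . "')";
			$result = q($sql);
			$num_check = mysql_num_rows($result);
		}
	}

	if ($num_check==1)
	{
		$row_line = mysql_fetch_array($result);
		$status = $row_line["user_status"];
		$verify_code = $row_line["user_verify_code"];
		$approve = $row_line["user_approved"];
		$user_id = $row_line["user_id"];
		$user_email = $row_line["user_email"];
		$name = $row_line["user_name"];

		$lRemoteIp = getRemoteIp();

		// explode() replaces the deprecated split(); the part count is checked
		// so an address without "@" does not read a missing index.
		$lSplit = explode("@", $user_email);
		if (count($lSplit) > 1)
			$lDomain = $lSplit[1];

		// Block-list lookup by exact address. The stored address is escaped
		// again because it is being placed into a new SQL statement.
		$lSql = "select bl_id,bl_reason from $block_tbl where bl_email='" . strToDb($user_email) . "' limit 1";

		$lNumBannedCheck = q($lSql);
		$lRowBanned = mysql_fetch_array($lNumBannedCheck);

		if (mysql_num_rows($lNumBannedCheck)>0)
		{
			// NOTE(review): bl_reason is printed without HTML escaping;
			// confirm only trusted staff can write that column.
			$msg="<font color='red'><b>" . LA_BLOCKED_LOGIN . "</b></font><br />" . $lRowBanned["bl_reason"];
			addToHistory(13,"","","Blocked user $user_email tried login");
			q("update $block_tbl set bl_num_attempt=bl_num_attempt+1 where bl_id=" . (int) $lRowBanned["bl_id"]);
		}
		elseif ($status == 1)
		{
			$msg = LA_BLOCKED_LOGIN;
		}
		elseif ($verify_code AND $set_opt_verify)
		{
			// Account still waiting for e-mail validation: offer a resend link.
			$msg.="<p>&nbsp;</p><p>";
			$msg.= "<p class='bg'>" . LA_NEED_TO . "</p>";

			$msg.="<p>&nbsp;</p><p>";
			$msg.=LA_RESEND_VALIDATION_CODE;
			$msg.="<p>&nbsp;</p>";
			$msg.="<p><a href='?resend=$user_id'>" . LA_RESEND_VALIDATION_MORE ."</a></p>";
		}
		elseif ($set_approve_mem AND !$approve)
		{
			$msg = LA_WAIT_APP;
		}
		else
		{
			// Successful login. Issue a fresh session id first so an id that
			// was known before authentication does not become a logged-in one.
			// Skipped when no session is active or output has already started,
			// because the new cookie could not be sent then.
			if (session_id() !== "" && !headers_sent())
				session_regenerate_id(true);

			$_SESSION["valid_user"] = $user_id;
			$_SESSION["user_name"] = $name;
			$_SESSION["user_email"] = strtolower($user_email);
			addLoginItem($user_id);
			addToHistory(1,$user_id,"","");

			// Redirect target: "redirect_to" comes straight from the request,
			// so it is honoured only when it is a plain relative path on this
			// site or an absolute URL under $set_url. Anything else (other
			// hosts, "//host", backslashes, control characters, schemes) falls
			// back to member.php. redirect() is defined elsewhere.
			$lTarget = "member.php";
			if (!empty($_REQUEST["redirect_to"]) AND is_string($_REQUEST["redirect_to"]))
			{
				$lRequested = $_REQUEST["redirect_to"];
				$lIsRelative = preg_match('#^/?[A-Za-z0-9_.~-]+(/[A-Za-z0-9_.~-]+)*/?(\?[^\x00-\x20\x7f\\\\]*)?\z#', $lRequested) === 1;
				$lIsOwnSite = !empty($set_url)
					&& !preg_match('/[\x00-\x20\x7f\\\\]/', $lRequested)
					&& (strpos($lRequested, "http://$set_url/") === 0 || strpos($lRequested, "https://$set_url/") === 0);

				if ($lIsRelative || $lIsOwnSite)
					$lTarget = $lRequested;
			}
			redirect($lTarget);
		}
	}
	else
	{
		// Failed login.
		// NOTE(review): nothing in this script throttles repeated failures,
		// and the submitted name is passed to addToHistory() unescaped;
		// confirm that helper escapes it before storing.
		$msg = $msg . LA_NOT_AUTHORIZED;
		addToHistory(13,"","","$username");
	}
}
elseif (isset($_REQUEST["forgot"]) AND isset($_POST["email"]))
{
	// ---- Forgotten password ---------------------------------------------
	// Tags are stripped first and SQL escaping is applied last, so nothing
	// modifies the value after it has been escaped.
	$lEmail = strToDb(strip_tags($_POST["email"]));
	$lPassOne = generatePassword(5);

	if ($lEmail)
	{
		$result = q("select user_email,user_name from $usr_tbl where user_email = '$lEmail'");
		$count_results = mysql_num_rows($result);

		if ($count_results>0)
		{
			$lRow = mysql_fetch_array($result);
			$lName = $lRow["user_name"];
			// Mail and log with the address stored for the account, not the
			// SQL-escaped request value.
			$lStoredEmail = $lRow["user_email"];

			// NOTE(review): the password is replaced immediately, before the
			// account owner confirms the request, so anyone who knows an
			// address can force a reset. A single-use mailed token that sets
			// the password on confirmation would avoid that. The replacement
			// is 5 characters long and is mailed in clear text.
			$sql = "update $usr_tbl set user_pass_md5 = md5('" . strToDb($lPassOne) . "') where user_email = '$lEmail'";
			$res = q($sql);
			$msg = writeHeadLine(LA_SUCCESS,"black");
			$msg = $msg . formatString(LA_FORGOT_SENT_MSG,array("<b>$lEmail</b>"));
			// Log the affected address; $username is not set in this branch.
			addToHistory(14,"","","$lStoredEmail");

			$lNewUserArray = array("$lName","$lStoredEmail","$lPassOne","$set_sitename","".getRemoteIp()."","http://$set_url/member_login.php");
			// This branch is only reached with "forgot" set, so the
			// forgotten-password templates are always the ones used.
			$lSubject = formatString(LA_MAIL_FORGOT_SUBJECT, $lNewUserArray);
			$lBody = formatString(LA_MAIL_FORGOT_BODY, $lNewUserArray);
			sendEmail($lStoredEmail,$set_webmaster_address, $lSubject, $lBody);
		}
		else
		{
			// NOTE(review): a distinct "not found" message tells the caller
			// whether an address is registered.
			$msg = writeHeadLine(LA_WARNING,"red");
			$msg = $msg . formatString(LA_FORGOT_NOTF,array("<b>$lEmail</b>"));
		}
	}
	else
	{
		$msg = writeHeadLine(LA_WARNING,"red");
		$msg = $msg . LA_ERROR_MSG21;
	}
}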

// Final step of the page: after a logout request the notice text replaces any
// earlier message, then the message is handed to check_valid_user() and the
// footer is appended.
// check_valid_user() and $la_session_remove are defined elsewhere; presumably
// the helper prints the login form together with $msg - confirm.
// NOTE(review): $msg is HTML assembled earlier in the script and may contain
// database values, so whatever prints it must not be relied on to escape it.
$msg = isset($_REQUEST["logout"]) ? $la_session_remove : $msg;
check_valid_user("$msg");
require("footer_inc.php");
?>
